[Koha-bugs] [Bug 21311] Remove locked message from opac-auth.tt
bugzilla-daemon at bugs.koha-community.org
Sun Oct 28 15:56:45 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21311
M. Tompsett <mtompset at hotmail.com> changed:
What: Text to go in the release notes
Removed: (empty)
Added:

It is good security practice to not provide details which could confirm or deny the existence of an account. Previously, the simple "This account has been locked!" confirmed its existence which would only encourage more attacks by hackers.

To prevent aiding malicious attacks, the message has been changed to something that does not expressly state the account has been locked. It only mentions that accounts will be locked after a number of failed attempts, instead of saying whether it is locked or not.

So while a successful attempt will seem to have an invalid username or password suggestion after the account is locked, users should be reminded that they can always reset their password or contact library staff for help.

--- Comment #29 from M. Tompsett <mtompset at hotmail.com> ---
I attempted to write something. Feel free to change it, if it is unclear, too
long, or insufficient.
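
The behaviour the release note describes, as an added example that is not Koha's code and not part of the original mail: every failed login, including a correct password on a locked account, returns the same message, and the real reason is kept only in a server-side log. The class, the threshold of 3 and the message wording are assumptions made for illustration; hashing for unknown usernames as well, so that response time does not reintroduce the distinction, goes beyond what the note covers.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # assumed threshold, not taken from Koha
# Constructed wording: mentions the lockout policy without stating account state.
GENERIC_FAILURE = ("Invalid username or password. Accounts are locked after a "
                   "number of failed attempts; reset your password or contact "
                   "library staff for help.")


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    """Hypothetical in-memory login service used only for this illustration."""

    def __init__(self):
        self._users = {}      # username -> (salt, password hash)
        self._failures = {}   # username -> consecutive failed attempts
        self.audit_log = []   # server-side only: the real reason for each failure
        self._dummy_salt = os.urandom(16)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))
        self._failures[username] = 0

    def login(self, username, password):
        """Return (ok, message); the message is identical for every failure."""
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        # Always hash, so unknown accounts cost the same work as known ones.
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if username not in self._users:
            reason = "unknown-user"
        elif self._failures[username] >= MAX_FAILED_ATTEMPTS:
            reason = "locked"  # even a correct password is refused
        elif not matches:
            self._failures[username] += 1
            reason = "bad-password"
        else:
            self._failures[username] = 0
            return True, "Welcome."
        self.audit_log.append((username, reason))
        return False, GENERIC_FAILURE
```

Staff can still tell a locked account from a mistyped password by reading `audit_log`; the person at the login form cannot.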